magiclanternfandomcom-20200223-history
Memory map
DIGIC VI QEMU log: FC000008: MCR p15,0,Rd,cr6,cr2,0: RGNR <- 0x0 FC000010: MCR p15,0,Rd,cr6,cr1,0: DRBAR <- 0x0 FC000018: MCR p15,0,Rd,cr6,cr1,2: DRSR <- 0x3F FC000020: MCR p15,0,Rd,cr6,cr1,4: DRACR <- 0x320 FC000028: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- (old & ~0x20000) | 0x1 => 0x2001 (enable MPU, disable background region; hivecs is enabled) FE020040: MCR p15,0,Rd,cr9,cr1,1: BTCM <- (old & 0x7D) | 0x1 FE025884: MCR p15,0,Rd,cr6,cr2,0: RGNR <- 0x1 FE02588C: MCR p15,0,Rd,cr6,cr1,0: DRBAR <- 0x0 FE025894: MCR p15,0,Rd,cr6,cr1,4: DRACR <- 0x329 FE02589C: MCR p15,0,Rd,cr6,cr1,2: DRSR <- 0x3B FE0258A4: MCR p15,0,Rd,cr6,cr2,0: RGNR <- 0x2 FE0258AC: MCR p15,0,Rd,cr6,cr1,0: DRBAR <- 0xBFE00000 FE0258B4: MCR p15,0,Rd,cr6,cr1,4: DRACR <- 0x324 FE0258BC: MCR p15,0,Rd,cr6,cr1,2: DRSR <- 0x29 FE0258C4: MCR p15,0,Rd,cr6,cr2,0: RGNR <- 0x4 FE0258CC: MCR p15,0,Rd,cr6,cr1,0: DRBAR <- 0xDFE00000 FE0258D4: MCR p15,0,Rd,cr6,cr1,4: DRACR <- 0x324 FE0258DC: MCR p15,0,Rd,cr6,cr1,2: DRSR <- 0x29 FE0258E4: MCR p15,0,Rd,cr6,cr2,0: RGNR <- 0x5 FE0258EC: MCR p15,0,Rd,cr6,cr1,0: DRBAR <- 0xEE000000 FE0258F4: MCR p15,0,Rd,cr6,cr1,4: DRACR <- 0x329 FE0258FC: MCR p15,0,Rd,cr6,cr1,2: DRSR <- 0x31 FE025904: MCR p15,0,Rd,cr6,cr2,0: RGNR <- 0x6 FE02590C: MCR p15,0,Rd,cr6,cr1,0: DRBAR <- 0xFE000000 FE025914: MCR p15,0,Rd,cr6,cr1,4: DRACR <- 0x329 FE02591C: MCR p15,0,Rd,cr6,cr1,2: DRSR <- 0x31 FE025924: MCR p15,0,Rd,cr6,cr2,0: RGNR <- 0x3 FE02592C: MCR p15,0,Rd,cr6,cr1,0: DRBAR <- 0xC0000000 FE025934: MCR p15,0,Rd,cr6,cr1,4: DRACR <- 0x305 FE02593C: MCR p15,0,Rd,cr6,cr1,2: DRSR <- 0x3B FE025944: MCR p15,0,Rd,cr15,cr5,0: UNK <- 0x0 FE025944: MCR p15,0,Rd,cr1,cr0,0: SCTLR <- (old & ~0x1002000) | 0x1004 => 0x1005 (clear VE, disable hivecs, enable instruction and data caches) FE020400: MCR p15,0,Rd,cr9,cr1,0: ATCM <- (old & 0x7D) | 0x80000001 [ init:fe237fa9 ] Memory region: start=00000000 end=00000000 flags=00000001 [ init:fe237fbf ] Memory region: start=00000000 end=00000000 flags=00000002 [ init:fe237fcb 
] Memory region: start=E0000000 end=FFFFFFFF flags=00000020 [ init:fe237ffd ] Memory region: start=FE000000 end=FFFFFFFF flags=00000008 [ init:fe237ffd ] Memory region: start=EE000000 end=EFFFFFFF flags=00000008 [ init:fe237ffd ] Memory region: start=DFE00000 end=DFFFFFFF flags=00000004 [ init:fe237ffd ] Memory region: start=C0000000 end=FFFFFFFF flags=00000010 [ init:fe237ffd ] Memory region: start=BFE00000 end=BFFFFFFF flags=00000004 [ init:fe237ffd ] Memory region: start=00000000 end=3FFFFFFF flags=00000008 [ init:fe237ffd ] Memory region: start=00000000 end=FFFFFFFF flags=00000004 [ init:fe237e5f ] Memory region: start=00000000 end=FFFFFFFF flags=00000000 Register Description RGNR = MPU Region Number Register (selects the region that the following DRBAR/DRSR/DRACR writes configure; where regions overlap, the higher-numbered region's attributes apply) DRBAR = Data Region Base Address Register DRSR = Data Region Size and Enable Register (bit 0 enables the region; bits 5:1 hold N, giving a region size of 2^(N+1) bytes, e.g. 0x3F = 4 GB, 0x29 = 2 MB) DRACR = Data Region Access Control Register SCTLR = System Control Register (?) ATCM = DTCMRR = Data TCM Region Register (TCM = Tightly Coupled Memory) BTCM = ITCMRR = Instruction or unified TCM Region Register Here is an attempt to describe the memory usage of the firmware Digic IV (*) from this message on the CHDK forum: 5D Mark II by memset (14Mar2009) Digic IV EOS ROM map 0xF8000000 - ROM0 (64Mb) 0xF0000000 - ROM1 (32Mb) 0xF8000000 - 0xF0010000 - Flags & config area 0xF8010000 - 0xF874FFFF - User area 0xF8760000 - 0xF87BFFFF - FPGA config 0xF87C0000 - 0xF7DFFFFF - Bind resource 0xF87E0000 - 0xF87EFFFF - Bootrom cipher extension 0xF87F0000 - 0xF87FFFFF - Bootloader (bootrom) FPGA config area: byte-by-byte interleaved bitstreams: bitstream 0: Xilinx Spartan-3E XC3S250E bitstream 1: Xilinx Spartan-3E XC3S100E See also Setting up memory maps hudson (9May2009) below for 5DMark II 1.0.7 and 7D 1.1.0: 5d Mark II, 1.0.7 ;http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0201d/I1039570.html ;Register 6, Protection Region Base and Size Registers ROM:FFFF2368 MOV R0, #0x3F ;region0, 0x3f=0011 1111 : base=0, size=4Gb (0xffff ffff) MCR p15, 0, R0,c6,c0 MOV R0, #0x3D 
;region1, 0x3d=0011 1101 : base=0, size=2Gb (0x8000 0000) MCR p15, 0, R0,c6,c1 LDR R0, =0xE0000039 ;region2, 0x39=0011 1001 : base=0xe000 0000, size=512Mb (0x2000 0000) MCR p15, 0, R0,c6,c2 MOV R0, #0xC0000039 ;region3, 0x39=0011 1001 : base=0xc000 0000, size=512Mb (0x2000 0000) MCR p15, 0, R0,c6,c3 LDR R0, =unk_FF80002D ;region4, 0x2D=0010 1101 : base=0xff80 0000, size=8Mb (0x0080 0000) MCR p15, 0, R0,c6,c4 MOV R0, #0x39 ;region5, 0x39=0011 1001 : base=0, size=512Mb (0x2000 0000) MCR p15, 0, R0,c6,c5 LDR R0, =0xF780002D ;region6, 0x2d=0010 1101 : base=0xf780 0000, size=8Mb (0x0080 0000) MCR p15, 0, R0,c6,c6 7D, 1.1.0 ROM:FFFF2364 MOV R0, #0x3F ;region0, 0x3f=0011 1111 : base=0, size=4Gb (0xffff ffff) ROM:FFFF2368 MCR p15, 0, R0,c6,c0 ROM:FFFF236C MOV R0, #0x3D ;region1, 0x3d=0011 1101 : base=0, size=2Gb (0x8000 0000) ROM:FFFF2370 MCR p15, 0, R0,c6,c1 ROM:FFFF2374 LDR R0, =0xE0000039 ;region2, 0x39=0011 1001 : base=0xe000 0000, size=512Mb (0x2000 0000) ROM:FFFF2378 MCR p15, 0, R0,c6,c2 ROM:FFFF237C MOV R0, #0xC0000039 ;region3, 0x39=0011 1001 : base=0xc000 0000, size=512Mb (0x2000 0000) ROM:FFFF2380 MCR p15, 0, R0,c6,c3 ROM:FFFF2384 LDR R0, =unk_FF80002F ;region4, 0x2F=0010 1111 : base=0xff80 0000, size=16Mb (0x0100 0000) ROM:FFFF2388 MCR p15, 0, R0,c6,c4 ROM:FFFF238C MOV R0, #0x39 ;region5, 0x39=0011 1001 : base=0, size=512Mb (0x2000 0000) ROM:FFFF2390 MCR p15, 0, R0,c6,c5 ROM:FFFF2394 MOV R0, #0x8000002F ;region6, 0x2F=0010 1111 : base=0x8000 0000, size=16Mb (0x0100 0000) ROM:FFFF2398 MCR p15, 0, R0,c6,c6 550D 1.0.8 ROM:F8FF22B0 sub_F8FF22B0 ; CODE XREF: ROM:F8FF0608↑p ROM:F8FF22B0 MOV R0, #0x3F ROM:F8FF22B4 MCR p15, 0, R0,c6,c0 ROM:F8FF22B8 MOV R0, #0x3D ROM:F8FF22BC MCR p15, 0, R0,c6,c1 ROM:F8FF22C0 LDR R0, =0xE0000039 ROM:F8FF22C4 MCR p15, 0, R0,c6,c2 ROM:F8FF22C8 MOV R0, #0xC0000039 ROM:F8FF22CC MCR p15, 0, R0,c6,c3 ROM:F8FF22D0 LDR R0, =0xFF00002F ROM:F8FF22D4 MCR p15, 0, R0,c6,c4 ROM:F8FF22D8 MOV R0, #0x39 ROM:F8FF22DC MCR p15, 0, R0,c6,c5 ROM:F8FF22E0 LDR 
R0, =0xF780002D ROM:F8FF22E4 MCR p15, 0, R0,c6,c6 ROM:F8FF22E8 MOV R0, #0x70 ROM:F8FF22EC MCR p15, 0, R0,c2,c0 ROM:F8FF22F0 MCR p15, 0, R0,c3,c0 ROM:F8FF22F4 MCR p15, 0, R0,c2,c0, 1 ROM:F8FF22F8 LDR R0, =0x3FFF ROM:F8FF22FC MCR p15, 0, R0,c5,c0 ROM:F8FF2300 MCR p15, 0, R0,c5,c0, 1 ROM:F8FF2304 MRC p15, 0, R0,c1,c0 ROM:F8FF2308 ORR R0, R0, #1 ROM:F8FF230C ORR R0, R0, #0x1000 ROM:F8FF2310 ORR R0, R0, #4 ROM:F8FF2314 ORR R0, R0, #0xC0000000 ROM:F8FF2318 ORR R0, R0, #8 ROM:F8FF231C ORR R0, R0, #0x10 ROM:F8FF2320 ORR R0, R0, #0x20 ROM:F8FF2324 ORR R0, R0, #0x40 ROM:F8FF2328 MCR p15, 0, R0,c1,c0 ROM:F8FF232C RET ROM:F8FF232C ; End of function sub_F8FF22B0 Based on this ARM code : Digic III from ARM memory protection code of * 1000d boot code (0xFFFF1C8C in 1.0.5 dump) * and 40D boot code (0xFFFF1CCC in 1.0.8 dump) Hardware registers Registers start at 0xc0220000. QEMU 00000000 - 3FFFFFFF: eos.ram 40000000 - 7FFFFFFF: eos.ram_uncached F0000000 - F0FFFFFF: eos.rom0 F1000000 - F1FFFFFF: eos.rom0_mirror_F1 F2000000 - F2FFFFFF: eos.rom0_mirror_F2 F3000000 - F3FFFFFF: eos.rom0_mirror_F3 F4000000 - F4FFFFFF: eos.rom0_mirror_F4 F5000000 - F5FFFFFF: eos.rom0_mirror_F5 F6000000 - F6FFFFFF: eos.rom0_mirror_F6 F7000000 - F7FFFFFF: eos.rom0_mirror_F7 F8000000 - F8FFFFFF: eos.rom1 F9000000 - F9FFFFFF: eos.rom1_mirror_F9 FA000000 - FAFFFFFF: eos.rom1_mirror_FA FB000000 - FBFFFFFF: eos.rom1_mirror_FB FC000000 - FCFFFFFF: eos.rom1_mirror_FC FD000000 - FDFFFFFF: eos.rom1_mirror_FD FE000000 - FEFFFFFF: eos.rom1_mirror_FE FF000000 - FFFFFFFF: eos.rom1_mirror_FF C0000000 - CFFFFFFF: eos.iomem